MPU FAULT Error on memcpy(value + offset, buf, len) of bluetooth peripheral write_vnd callback

Question

I am getting this error:

[00:00:43.670,227] <err> os: ***** MPU FAULT *****
[00:00:43.670,257] <err> os: Data Access Violation
[00:00:43.670,257] <err> os: MMFAR Address: 0x0
[00:00:43.670,288] <err> os: r0/a1: 0x00000000 r1/a2: 0x2000fe15 r2/a3: 0x2000fe1b
[00:00:43.670,288] <err> os: r3/a4: 0xffffffff r12/ip: 0x000387f3 r14/lr: 0x00000619
[00:00:43.670,288] <err> os: xpsr: 0x81000000
[00:00:43.670,318] <err> os: Faulting instruction address (r15/pc): 0x00038200
[00:00:43.670,349] <err> os: >>> ZEPHYR FATAL ERROR 0: CPU exception on CPU 0
[00:00:43.670,349] <err> os: Current thread: 0x200015e0 (unknown)
event_clock_init2] <err> fatal_error: Resetting system

When running this code:

static ssize_t write_vnd(struct bt_conn *conn, const struct bt_gatt_attr *attr,
const void *buf, uint16_t len, uint16_t offset,
uint8_t flags)
{
    printf("write_vnd\n");
    uint8_t *value = attr->user_data;

    if (offset + len > sizeof(ct)) {
        return BT_GATT_ERR(BT_ATT_ERR_INVALID_OFFSET);
    }

    printf("memcpy\n");
	memcpy(value + offset, buf, len);
    printf("memcpy done\n");
    ct_update = 1U;

    return len;
}

The terminal shows this before the error:

write_vnd
memcpy

so it seems to happen on this line:

memcpy(value + offset, buf, len);

I don't understand how memcpy dest is represented as value + offset.

Which was taken from this sample and I also see reference here.

lcj · Accepted Answer

I found the problem. 
 
 I had declared: 
 
 static uint8_t ct[20]; 
 
 but didn't specify in:

BT_GATT_CHARACTERISTIC(&write_characteristic_uuid.uuid,
BT_GATT_CHRC_WRITE,
BT_GATT_PERM_WRITE,
NULL, write_vnd, ct),

As I was told, the value is a pointer to the ct buffer (pointing at the first element ) , by incrementing the pointer I am moving the pointer to other elements in the ct buf .

MPU FAULT Error on memcpy(value + offset, buf, len) of bluetooth peripheral write_vnd callback

Top Replies